The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws


Dafydd Stuttard - 2007
    The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
    The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

Ruby Best Practices


Gregory T. Brown - 2009
    Written by the developer of the Ruby project Prawn, this concise book explains how to design beautiful APIs and domain-specific languages with Ruby, as well as how to work with functional programming ideas and techniques that can simplify your code and make you more productive. You'll learn how to write code that's readable, expressive, and much more.
    Ruby Best Practices will help you:
    • Understand the secret powers unlocked by Ruby's code blocks
    • Learn how to bend Ruby code without breaking it, such as mixing in modules on the fly
    • Discover the ins and outs of testing and debugging, and how to design for testability
    • Learn to write faster code by keeping things simple
    • Develop strategies for text processing and file management, including regular expressions
    • Understand how and why things can go wrong
    • Reduce cultural barriers by leveraging Ruby's multilingual capabilities
    This book also offers you comprehensive chapters on driving code through tests, designing APIs, and project maintenance. Learn how to make the most of this rich, beautiful language with Ruby Best Practices.

Html5: Up and Running: Dive Into the Future of Web Development


Mark Pilgrim - 2010
    This book provides practical information about how and why the latest version of this markup language will significantly change the way you develop for the Web.
    HTML5 is still evolving, yet browsers such as Safari, Mozilla, Opera, and Chrome already support many of its features -- and mobile browsers are even farther ahead. HTML5: Up & Running carefully guides you through the important changes in this version with lots of hands-on examples, including markup, graphics, and screenshots. You'll learn how to use HTML5 markup to add video, offline capabilities, and more -- and you'll be able to put that functionality to work right away.
    • Learn new semantic elements, such as,, and
    • Meet Canvas, a 2D drawing surface you can program with JavaScript
    • Embed video in your web pages without third-party plugins
    • Use Geolocation to let web application visitors share their physical location
    • Take advantage of local storage capacity that goes way beyond cookies
    • Build offline web applications that work after network access is disconnected
    • Learn about several new input types for web forms
    • Create your own custom vocabularies in HTML5 with microdata

Rails Antipatterns: Best Practice Ruby on Rails Refactoring


Chad Pytel - 2010
    Rails(TM) AntiPatterns identifies these widespread Rails code and design problems, explains why they're bad and why they happen--and shows exactly what to do instead.
    The book is organized into concise, modular chapters--each outlines a single common AntiPattern and offers detailed, cookbook-style code solutions that were previously difficult or impossible to find. Leading Rails developers Chad Pytel and Tammer Saleh also offer specific guidance for refactoring existing bad code or design to reflect sound object-oriented principles and established Rails best practices. With their help, developers, architects, and testers can dramatically improve new and existing applications, avoid future problems, and establish superior Rails coding standards throughout their organizations.
    This book will help you understand, avoid, and solve problems with
    • Model layer code, from general object-oriented programming violations to complex SQL and excessive redundancy
    • Domain modeling, including schema and database issues such as normalization and serialization
    • View layer tools and conventions
    • Controller-layer code, including RESTful code
    • Service-related APIs, including timeouts, exceptions, backgrounding, and response codes
    • Third-party code, including plug-ins and gems
    • Testing, from test suites to test-driven development processes
    • Scaling and deployment
    • Database issues, including migrations and validations
    • System design for "graceful degradation" in the real world

Ruby on Rails 3 Tutorial: Learn Rails by Example


Michael Hartl - 2010
    Although its remarkable capabilities have made Ruby on Rails one of the world’s most popular web development frameworks, it can be challenging to learn and use. Ruby on Rails™ 3 Tutorial is the solution. Leading Rails developer Michael Hartl teaches Rails 3 by guiding you through the development of your own complete sample application using the latest techniques in Rails web development.
    Drawing on his experience building RailsSpace, Insoshi, and other sophisticated Rails applications, Hartl illuminates all facets of design and implementation—including powerful new techniques that simplify and accelerate development.
    You’ll find integrated tutorials not only for Rails, but also for the essential Ruby, HTML, CSS, JavaScript, and SQL skills you’ll need when developing web applications. Hartl explains how each new technique solves a real-world problem, and he demonstrates this with bite-sized code that’s simple enough to understand, yet novel enough to be useful. Whatever your previous web development experience, this book will guide you to true Rails mastery.
    This book will help you
    • Install and set up your Rails development environment
    • Go beyond generated code to truly understand how to build Rails applications from scratch
    • Learn Test Driven Development (TDD) with RSpec
    • Effectively use the Model-View-Controller (MVC) pattern
    • Structure applications using the REST architecture
    • Build static pages and transform them into dynamic ones
    • Master the Ruby programming skills all Rails developers need
    • Define high-quality site layouts and data models
    • Implement registration and authentication systems, including validation and secure passwords
    • Update, display, and delete users
    • Add social features and microblogging, including an introduction to Ajax
    • Record version changes with Git and share code at GitHub
    • Simplify application deployment with Heroku

A Software Engineer Learns HTML5, JavaScript and jQuery


Dane Cameron - 2013
    Due to their monopoly position in web browsers, and the fact web browsers have spread from PCs to phones, tablets and TVs; their status will continue to grow and grow. Despite their success, many software engineers are apprehensive about JavaScript and HTML. This apprehensiveness is not completely unfounded; both JavaScript and HTML were rushed in their early years, and driven by commercial rather than engineering interests. As a result, many dubious features crept into these languages. Due to backwards compatibility concerns, most of these features still remain. In addition, many software engineers have used these languages without ever learning them. JavaScript and HTML have low barriers to entry, and this, along with their similarity to other languages, led many software engineers to conclude that there really was nothing much to learn. If you have not used JavaScript and HTML for a number of years, or if you are a programmer or software engineer using other languages, you may be surprised at what they now offer. Browser based web applications are now capable of matching or exceeding the sophistication and scale of traditional desktop applications. In order to create complex web applications however, it is essential to learn these languages. This book takes the point of view that once you have a strong grasp of the fundamentals, the details will take care of themselves. It will not present you with long lists of APIs, or intricate details of every attribute, these can be found in reference manuals. It will focus on the details of each language that are fundamental to understanding how they work. This book will guide you through the process of developing a web application using HTML5, Javascript, jQuery and CSS. It contains the following content:
    1. An introduction to the HTML5 markup language, and how it differs from HTML4 and XHTML.
    2. An introduction to JavaScript, including an in-depth look at its use of objects and functions, along with the design patterns that support the development of robust web applications.
    3. An introduction to jQuery selection, traversal, manipulation and events.
    4. An in-depth look at the Web storage and IndexedDB APIs for client side data storage.
    5. A guide to implementing offline web applications with the Application Cache API.
    6. An introduction to the ways JavaScript can interact with the user's file-system using the FileReader API.
    7. The use of Web Workers in a web application to execute algorithms on background threads.
    8. An introduction to AJAX, and the jQuery API supporting AJAX.
    9. An introduction to Server Sent Events and Web Sockets.
    All subjects are introduced in the context of a sample web application. This book is intended for anyone with at least a superficial knowledge of HTML and programming.

Professional Android 2 Application Development


Reto Meier - 2010
    This update to the bestselling first edition dives in to cover the exciting new features of the latest release of the Android mobile platform.
    Providing in-depth coverage of how to build mobile applications using the next major release of the Android SDK, this invaluable resource takes a hands-on approach to discussing Android with a series of projects, each of which introduces a new feature and highlights techniques and best practices to get the most out of Android.
    • The Android SDK is a powerful, flexible, open source platform for mobile devices
    • Shares helpful techniques and best practices to maximize the capabilities of Android
    • Explains the possibilities of Android through the use of a series of detailed projects
    • Demonstrates how to create real-world mobile applications for Android phones
    • Includes coverage of the latest version of Android
    Providing concise and compelling examples, Professional Android Application Development is an updated guide aimed at helping you create mobile applications for mobile devices running the latest version of Android.

Eloquent JavaScript: A Modern Introduction to Programming


Marijn Haverbeke - 2010
    "I loved the tutorial-style game-like program development. This book rekindled my earliest joys of programming. Plus, JavaScript!" —Brendan Eich, creator of JavaScript
    JavaScript is the language of the Web, and it's at the heart of every modern website from the lowliest personal blog to the mighty Google Apps. Though it's simple for beginners to pick up and play with, JavaScript is not a toy—it's a flexible and complex language, capable of much more than the showy tricks most programmers use it for.
    Eloquent JavaScript goes beyond the cut-and-paste scripts of the recipe books and teaches you to write code that's elegant and effective. You'll start with the basics of programming, and learn to use variables, control structures, functions, and data structures. Then you'll dive into the real JavaScript artistry: higher-order functions, closures, and object-oriented programming.
    Along the way you'll learn to:
    • Master basic programming techniques and best practices
    • Harness the power of functional and object-oriented programming
    • Use regular expressions to quickly parse and manipulate strings
    • Gracefully deal with errors and browser incompatibilities
    • Handle browser events and alter the DOM structure
    Most importantly, Eloquent JavaScript will teach you to express yourself in code with precision and beauty. After all, great programming is an art, not a science—so why settle for a killer app when you can create a masterpiece?

Pro Django


Marty Alchin - 2008
    Learn how to leverage the Django web framework to its full potential in this advanced tutorial and reference. Endorsed by Django, Pro Django more or less picks up where The Definitive Guide to Django left off and examines in greater detail the unusual and complex problems that Python web application developers can face and how to solve them.
    • Provides in-depth information about advanced tools and techniques available in every Django installation
    • Runs the gamut from the theory of Django's internal operations to actual code that solves real-world problems for high-volume environments
    • Goes above and beyond other books, leaving the basics behind
    • Shows how Django can do things even its core developers never dreamed possible

SOA Design Patterns


Thomas Erl - 2008
    More than three years in development and subjected to numerous industry reviews, the 85 patterns in this full-color book provide the most successful and proven design techniques to overcoming the most common and critical problems to achieving modern-day SOA. Through numerous examples, individually documented pattern profiles, and over 400 color illustrations, this book provides in-depth coverage of:
    • Patterns for the design, implementation, and governance of service inventories–collections of services representing individual service portfolios that can be independently modeled, designed, and evolved.
    • Patterns specific to service-level architecture which pertain to a wide range of design areas, including contract design, security, legacy encapsulation, reliability, scalability, and a variety of implementation and governance issues.
    • Service composition patterns that address the many aspects associated with combining services into aggregate distributed solutions, including topics such as runtime messaging and message design, inter-service security controls, and transformation.
    • Compound patterns (such as Enterprise Service Bus and Orchestration) and recommended pattern application sequences that establish foundational processes.
    The book begins by establishing SOA types that are referenced throughout the patterns and then form the basis of a final chapter that discusses the architectural impact of service-oriented computing in general. These chapters bookend the pattern catalog to provide a clear link between SOA design patterns, the strategic goals of service-oriented computing, different SOA types, and the service-orientation design paradigm.
    This book series is further supported by a series of resources sites, including soabooks.com, soaspecs.com, soapatterns.org, soamag.com, and soaposters.com.

JavaScript: The Definitive Guide


David Flanagan - 1996
    This book is both an example-driven programmer's guide and a keep-on-your-desk reference, with new chapters that explain everything you need to know to get the most out of JavaScript, including:
    • Scripted HTTP and Ajax
    • XML processing
    • Client-side graphics using the canvas tag
    • Namespaces in JavaScript--essential when writing complex programs
    • Classes, closures, persistence, Flash, and JavaScript embedded in Java applications
    Part I explains the core JavaScript language in detail. If you are new to JavaScript, it will teach you the language. If you are already a JavaScript programmer, Part I will sharpen your skills and deepen your understanding of the language.
    Part II explains the scripting environment provided by web browsers, with a focus on DOM scripting with unobtrusive JavaScript. The broad and deep coverage of client-side JavaScript is illustrated with many sophisticated examples that demonstrate how to:
    • Generate a table of contents for an HTML document
    • Display DHTML animations
    • Automate form validation
    • Draw dynamic pie charts
    • Make HTML elements draggable
    • Define keyboard shortcuts for web applications
    • Create Ajax-enabled tool tips
    • Use XPath and XSLT on XML documents loaded with Ajax
    • And much more
    Part III is a complete reference for core JavaScript. It documents every class, object, constructor, method, function, property, and constant defined by JavaScript 1.5 and ECMAScript Version 3.
    Part IV is a reference for client-side JavaScript, covering legacy web browser APIs, the standard Level 2 DOM API, and emerging standards such as the XMLHttpRequest object and the canvas tag.
    More than 300,000 JavaScript programmers around the world have made this their indispensable reference book for building JavaScript applications.
    "A must-have reference for expert JavaScript programmers...well-organized and detailed." -- Brendan Eich, creator of JavaScript

Clojure In Action


Amit Rathore - 2011
    It teaches Clojure from the basics to advanced topics using practical, real-world application examples. Blow through the theory and dive into practical matters like unit-testing and environment set-up, all the way through building a scalable web-application using domain-specific languages, Hadoop, HBase, and RabbitMQ.
    About the Technology
    Clojure is a modern Lisp for the JVM, and it has the strengths you'd expect: first-class functions, macros, support for functional programming, and a Lisp-like, clean programming style.
    About this Book
    Clojure in Action is a practical guide focused on applying Clojure to practical programming challenges. You'll start with a language tutorial written for readers who already know OOP. Then, you'll dive into the use cases where Clojure really shines: state management, safe concurrency and multicore programming, first-class code generation, and Java interop. In each chapter, you'll first explore the unique characteristics of a problem area and then discover how to tackle them using Clojure. Along the way, you'll explore practical matters like architecture, unit testing, and set-up as you build a scalable web application that includes custom DSLs, Hadoop, HBase, and RabbitMQ.
    What's Inside
    • A fast-paced Clojure tutorial
    • Creating web services with Clojure
    • Scaling through messaging
    • Creating DSLs with Clojure's macro system
    • Test-driven development with Clojure
    • Distributed programming with Clojure, and more
    This book assumes you're familiar with an OO language like Java, C#, or C++ but requires no background in Lisp or Clojure itself.
    Table of Contents
    PART 1 GETTING STARTED
    • Introduction to Clojure
    • A whirlwind tour
    • Building blocks of Clojure
    • Polymorphism with multimethods
    • Clojure and Java interop
    • State and the concurrent world
    • Evolving Clojure through macros
    PART 2 GETTING REAL
    • Test-driven development and more
    • Data storage with Clojure
    • Clojure and the web
    • Scaling through messaging
    • Data processing with Clojure
    • More on functional programming
    • Protocols, records, and type
    • More macros and DSLs

Introducing HTML5


Bruce Lawson - 2010
    Some of its new features are already being implemented by existing browsers, and much more is around the corner. Written by developers who have been using the new language for the past year in their work, this book shows you how to start adapting the language now to realize its benefits on today's browsers. Rather than being just an academic investigation, it concentrates on the practical--the problems HTML5 can solve for you right away. By following the book's hands-on HTML5 code examples you'll learn:
    • new semantics and structures to help your site become richer and more accessible
    • how to apply the most important JavaScript APIs that are already implemented
    • the uses of native multimedia for video and audio
    • techniques for drawing lines, fills, gradients, images and text with canvas
    • how to build more intelligent web forms
    • implementation of new storage options and web databases
    • how geolocation works with HTML5 in both web and mobile applications
    All the code from this book (and more) is available at www.introducinghtml5.com.
    There appear to be intermittent problems with the first printing of Introducing HTML5. If you have one of these copies, please email us at ask@peachpit.com with a copy of your receipt (from any reseller), and we'll either provide access to the eBook or send you another copy of the print book -- whichever you prefer. If you'd like the eBook we can add that to your Peachpit.com account. You can set up a free account at www.peachpit.com/join. Thanks so much for your understanding!

Crafting Rails Applications: Expert Practices for Everyday Rails Development


José Valim - 2011
    You can now easily extend the framework, change its behavior, and replace whole components to bend it to your will, all without messy hacks. This pioneering book is the first resource that deep dives into the new Rails 3 APIs and shows you how to use them to write better web applications and make your day-to-day work with Rails more productive. Rails Core developer Jose Valim guides you through seven different tutorials, each of them using test-driven development to build a new Rails extension or application that solves common problems with these new APIs. You will understand how the Rails rendering stack works and customize it to read templates from the database while you learn how to mimic Active Record behavior, like validations, in any other object. You will find out how to write faster, leaner controllers, and you'll learn how to mix Sinatra applications into your Rails apps, so you can choose the most appropriate tool for the job. In addition, you will improve your productivity by customizing generators and responders. This book will help you understand Rails 3's inner workings, including generators, template handlers, internationalization, routing, and responders. With the knowledge you'll gain, you'll be ready to tackle complicated projects more easily than ever before, creating solutions that are well-tested, modular, and easy to maintain.

Responsive Web Design with HTML5 and CSS3


Ben Frain - 2012
    Learn responsive design using HTML5 and CSS3 to adapt websites to any browser or screen size.